After checking man 5 vsftpd.conf, I'm afraid VSFTPD doesn't contain a native method for blocking hosts. I would recommend reporting the offending IP address to your ISP and blocking it through a firewall such as IP tables.

Hmm. I'll check out iptables. Is there a script where I can just add an IP to block it using iptables?
_________________
It is the fate of operating systems to become free.
- Neal Stephenson

If only You and Dead people can read hex, how many people can read hex?

How do you like this? I felt like coding something, so I wrote a program to run through the logfile and block people with too many failed logins. If you like it, save it to block.pl (or whatever), "chmod u+x block.pl", and then "./block.pl" to execute. You could then put it in your cron daemon if you really like it.
Have fun. If you find any bugs or want an extra feature tell me and I'll see what I can do.

Code:

#!/usr/bin/perl -w
# destuxor (wjholden@gmail.com) - 4/26/2006
# A simple script to go through a VSFTPD log and block people who have
# unsuccessfully attempted to log in.

I just hope it works... I have had "xferlog_std_format=YES" in my VSFTPD configuration for a year and a half. Too late to change now.
Plus I don't have IP Tables installed on this box. What I'm trying to say is, that code hasn't been tested much (it compiles, it runs, it should work), so if you run into any problems at all I'll be glad to work on it.

I finally got around to trying your script. When I run it, it just hangs. Any idea?

Nevermind I installed fail2ban and that seems to work. Thanks again for the help.

I was looking for a script to stop those ftp attacks some time ago and finally found this forum.
Although I am not using Gentoo (but Fedora) I gave the script of destuxor a try.
After fixing some small issues and adding a permanent banlist, I have it working at home and at the office for some time now.
I am running the script every 2 minutes through a cronjob, to keep the amount of attacks small and also my logfiles don't overflow.
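
The approach discussed in this thread (count failed logins per client in the vsftpd log, then block repeat offenders with iptables while skipping addresses already on a banlist) can be sketched as follows. This is an added example, not destuxor's script or the modified version mentioned above. It assumes vsftpd's native log format rather than xferlog; the function names, the threshold of 3, the allowlist, and the sample log lines are all constructed for illustration.

```python
"""Count vsftpd FAIL LOGIN lines per client and build iptables DROP rules."""
import ipaddress
import re
from collections import Counter

# Match only the trailing Client "..." field that vsftpd appends to the line.
FAIL_RE = re.compile(r'FAIL LOGIN: Client "([^"]+)"\s*$')

# Constructed sample; native vsftpd log format is assumed (not xferlog).
SAMPLE_LOG = """\
Wed Apr 26 10:15:02 2006 [pid 4100] [admin] FAIL LOGIN: Client "203.0.113.5"
Wed Apr 26 10:15:04 2006 [pid 4100] [root] FAIL LOGIN: Client "203.0.113.5"
Wed Apr 26 10:15:07 2006 [pid 4100] [test] FAIL LOGIN: Client "::ffff:203.0.113.5"
Wed Apr 26 10:16:00 2006 [pid 4110] [alice] FAIL LOGIN: Client "198.51.100.7"
Wed Apr 26 10:16:09 2006 [pid 4110] [alice] OK LOGIN: Client "198.51.100.7"
Wed Apr 26 10:17:30 2006 [pid 4130] [bob] FAIL LOGIN: Client "192.0.2.10"
Wed Apr 26 10:17:31 2006 [pid 4130] [bob] FAIL LOGIN: Client "192.0.2.10"
Wed Apr 26 10:17:32 2006 [pid 4130] [bob] FAIL LOGIN: Client "192.0.2.10"
"""

def normalize(raw, nets):
    """Canonical address, or None if unparsable or inside an allowlisted net."""
    try:
        ip = ipaddress.ip_address(raw)
    except ValueError:
        return None
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:a.b.c.d is the same client as a.b.c.d
    return None if any(ip in net for net in nets) else ip

def offenders(log_text, threshold=3, allow=(), banned=()):
    """Addresses with >= threshold failures, minus allowlist and banlist."""
    nets = [ipaddress.ip_network(n) for n in allow]
    hits = Counter()
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        ip = normalize(m.group(1), nets) if m else None
        if ip is not None:
            hits[str(ip)] += 1
    return sorted(a for a, n in hits.items() if n >= threshold and a not in banned)

def block_commands(addrs):
    """argv lists (no shell involved) inserting one DROP rule per address."""
    return [["ip6tables" if ":" in a else "iptables",
             "-I", "INPUT", "-s", a, "-j", "DROP"] for a in addrs]

if __name__ == "__main__":
    for cmd in block_commands(offenders(SAMPLE_LOG, allow=["192.0.2.0/24"])):
        print(" ".join(cmd))
```

Run as a script it only prints the rules it would add (a dry run), with 192.0.2.0/24 standing in for a trusted network that must never be locked out. Passing the set of previously blocked addresses as `banned` keeps repeated cron runs from inserting duplicate rules.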